Category: Business Transformation

We have just had our first CRM Saturday Bootcamp at Microsoft UK London Paddington offices this Saturday, 22nd July 2017. It has been a lot of hard work for everyone at CRM Saturday especially the trainers: Neil Parkhurst, Janet Rob, Raz Choudry and Baris Kanilca. As for me, I did 16K steps just walking between the various rooms ensuring all sessions are adhering to our agenda times. Personally, my sessions both overrun by few minutes and some of my track attendees missed part of their breaks as I got carried away! For this, I’m sorry 🙂 It has been a seriously fun event with some excellent attendees.

Not only we had 110 excellent attendees @ our free #MSDyn365 #CRMSaturday Bootcamp. We also raised £1,421 for the London Fire Fund, British Red Cross.

We learnt Dynamics 365 together in 3 different parallel tracks. There was a lot of excellent networking as well as some great fun at the various breaks and the Raffle ticket awards.

Some of our attendees even went back home with an XBOX S One, an Amazon Alexa/Echo and other prizes. What a day!

In this post, I’m trying to highlight key areas where organisations need to focus their attention and resources to ensure their compliance. This is not an exhaustive list of all key areas but are in my view the most urgent ones.

For Data Classification, this goes back to how you define your customers data as Personal Identifiable Information (PII), sensitive information or just general non-PII data. You need to know all the PII and sensitive data locations in all your systems and solutions including files such as documents, presentations and excel spreadsheets. If you can’t know where you data is stored then you can’t really protect it and you will more than likely be at risk of losing some information and face a massive GDPR related fine.

Second key area is metadata or audit information about collected and stored data. These include the When, Why and What for questions. When the data was collected, why you collected it and what are you going to use it for in the future. If you know the answer to these questions, you should then follow this up with regularly planned audit of your solutions / IT Systems to check if you should continue to store it in the future. It is a good practice to only store information you require to conduct daily business activities and nothing more than you need.

Applying this point on Dynamics 365 CRM would be by ensuring Auditing is switched on for all your Customer entities, mainly Contact and Account entities and other custom entities you might have created for your customers or persons you have relationships with. Auditing can be switched on through the customisation area of Dynamics CRM.

The next key area of focus for businesses preparing for GDPR is the governance and protection of the data including identifying who can access which data and under what circumstances. It also includes putting in place procedures for data access authorisation, apply suitable security roles and limit access to data at a granular level if needed. Microsoft Dynamics 365 has a wide variety of functionality and capability that can allow any business apply these GDPR considerations on their Dynamics Solution. Capabilities include User/Access Team security, Security Roles, Business Units as data containers, Field Level Security Profiles, Auditing, Multiple Forms per entity and many more great functionalities with lots of flexibility to achieve your optimal GDPR governance process.

Finally, the last key area that businesses should give attention to as part of their preparation for GDPR is Monitoring. GDPR stipulates that organisations must have robust procedures for monitoring data access and a strict security measures in an “Always monitoring” mode that immediately alerts relevant parties in case of any data breach. Security procedures and processes should include review of patterns of data access and making sure any irregularities and unexpected behaviour (from a person or a system) are spotted at a very early stage.

With that, I hope I have covered some of the key areas of considerations for organisations preparing for GDPR compliance especially those with Dynamics 365 CRM system. If you need help making your Dynamics 365 solution GDPR compliant and want to know more about Dynamics capabilities and functionality that allows you to achieve that, then please do get in touch via the contact page.

Disclaimer: This post like all other posts on my blog, are provided as is with no warranties. Please note that I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is with no warranty and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion!

Please join me in my next Microsoft CRM User Group webinar on the 19th May discussing the Digital Transformation of the Property & Housing Market using Microsoft Dynamics 365.

This is a global webinar which will cover successful digital transformations delivered through Dynamics 365 in the Property Market. The session will also discuss regulatory and compliance challenges including Housing Regulations, GDPR and Data Protection.

The session is supported by Microsoft’s Ben Sandall (TSP – Housing Sector) with a chance for questions and answers about Microsoft Dynamics 365 focus in the Property & Housing market.

CRMUG have kindly accepted to make this session Free for everyone as an exception. Please register to attend using the following link (any problems please comment below and I’ll be happy to help you register):

Like this:

In the new world of Europe’s General Data Protection Regulation (GDPR), businesses, organisations and delivery partners are now directly responsible for the protection of Customers Data and everything related to processing it including: Who, How, Where and Why. This is another article in my series on GDPR and Dynamics 365 Compliance for this data protection regulation. You can find all articles on this subject here.

Customer Data can be divided into two main categories:

Personal Identifiable Data (PID for short): This any data that a customer can be identified with. This may include customers first and last name, email address, phone number, address, National Insurance number, GPS / Geographical & location data, etc.

Sensitive Data: This is any data that is regarded as sensitive by Customers which businesses may need to capture for regulatory reporting purposes or for their own operational and diversity reporting needs. This includes: Sexuality (Sexual orientation), Religion, Ethnicity or Race, Disability, etc.

Many businesses need Personal Identifiable Data (Category 1) for their daily operations so this data is normally accessible by all its employees. However, some businesses do not need to know of or capture sensitive data unless for operational, reporting or regulatory compliance reasons as stated above. If a business doesn’t need sensitive data, they are encouraged not to capture it. However, it is obviously essential for all businesses to have some PID about their customers.

Now, how can Dynamics 365 security model help you ensure your business or solution GDPR compliant.

Dynamics 365 CRM security model have a number of features that allows a business to protect, hide and separate customers sensitive data from customers PID so that the former is only accessible by a subset of employees. However, the latter (PID) will need to be available to all employees who needs this information to perform their work activity with the added protection that prevents PID and any customer data loss.

Every business needs to rigorously protect their Customer Data from loss and should invest in all the necessary resources, controls and systems to prevent data loss with all its consequences of brand damage, compensation payments and hefty fines especially with the new Data loss fines. Robust data protections controls in Dynamics 365 solutions can be achieved in many ways and various flavours. The Dynamics 365 provide an array of capabilities to utilise including Security Roles, Access Teams, Field Level Security, Business units / teams / users ownership that can all be used to apply robust security measures on your data in Dynamics CRM solutions.

Protecting Customer PID and Sensitive data should include considerations of who can export data into excel to avoid data loss. This is a very important consideration and locking down this privilege in security roles allocated to users who don’t need this functionality should always be a high priority as part of your Solution Security Design.

Here is the “Export to Excel ” privilege in security roles:

Additionally, Sensitive data (category 2 above) should only be presented to organisation employees who require access to it. To achieve this in Dynamics 365 CRM, you can do the following:

Setup two forms for your Dynamics CRM Contact (Customer) entity: One form is the Main Form that is accessible by the whole organisation and another form which additionally includes sensitive data. This form should then be only allocated to a special Security Role that allows access to this sensitive data. For example: Sensitive data security role.

This first step only protects the display of the data but it does not protect sensitive data from being searched or reported on. To actually protect the sensitive data fields completely, you will need to create a Field Level Security Profile and allocate it to the Team / Security role you have allowed access to sensitive data.

Once this is done, you can then allocate a selected number of users to this team / security role so they can access your sensitive data.

The above approach is obviously just one way of achieving this requirement of protecting customers sensitive data for GDPR compliance. However, there are many other ways of achieving this and you can always adjust your Dynamics 365 solution design to your exact business and solution requirements.

Hope this helps!

Disclaimer: I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is with no warranty and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion! 🙂

Like this:

In an official Microsoft blog post, Microsoft has guaranteed contractual public commitment for the European Union’s General Data Protection regulation (GDPR), a privacy regulation which goes into effect on May 25, 2018.

If your organization collects, hosts or analyses personal data of EU residents, GDPR provisions require you to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR.

Microsoft is making its contractual commitments available so that it provides key GDPR-related assurances about Microsoft services. Microsoft contractual commitments guarantee that any organisation using Microsoft cloud can:

Respond to requests to correct, amend or delete personal data.

Detect and report personal data breaches.

Demonstrate compliance with the GDPR.

This is great news for all Microsoft Azure cloud customers and equally significant for Microsoft Dynamics 365 CRM Customers in Europe who are directly impacted by all the new GDPR regulations.

Read the full blog post at https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#H1002zFpei8dJ9wC.99

Like this:

Today Microsoft announced a new integration that brings Microsoft Dynamics 365 for Sales and LinkedIn’s Sales Navigator much closer together and offering a new license that combines the two essential tools together: Dynamics 365 and LinkedIn. The new license for both products will start at $135 per seat per month. UK / Europe pricing is not available yet.

The new integrations between Sales Navigator and Dynamics 365 for Sales delivers what appears to be a great experience in the following ways:

Dailyupdates between systems so the accounts and contacts sales representatives are actively working on in Dynamics 365 are automatically saved to Sales Navigator.In addition, sales reps can see in Sales Navigator what people and companies are already saved in Dynamics, and vice-versa.

With a single click, the ability to write select Sales Navigator activities (InMails, messages, notes and call logs) to Dynamics 365.

The new Dynamics 365 and LinkedIn Sales Navigator license sku will be on sale starting on 1st July 2017. The new offer that combines Microsoft’s Dynamics 365 for Sales and LinkedIn’s Sales Navigator Team Edition, starts at $135 per seat per month before volume discounts.

Like this:

This is the second article in my series on GDPR considerations for Microsoft Dynamics 365. If you are not aware or not sure in details what GDPR is and how it impacts Microsoft Dynamics 365 Solutions and Projects, then please read my first article in this series.

In this article, I’m trying to cover Microsoft Dynamics 365 CRM readiness for GDPR which is due to be effective on the 25th May 2018. In summary, Microsoft is committed to bring all its products, services and processes to be compliant with GDPR by May 2018.

For Microsoft Dynamics 365, there are many ways where you can design your Dynamics 365 CRM Solution to manage and control access to your data. Some example approaches include the following capabilities in Microsoft Dynamics CRM platform:

Role-based security in Microsoft Dynamics 365 allows you to group together a set of privileges that limit the tasks that can be performed by a given user applied against a specific Dynamics CRM entity or specific task/action privilege. This is an important capability, especially when people change roles within an organization and directly impact data protection and security.

Record-based security in Dynamics 365 allows you to restrict access to specific records using capabilities such as Access Teams in Dynamics 365 CRM

Field-level security allows you to restrict access to specific high-impact fields, such as personally identifiable information and sensitive data such as sexuality, religion and ethnicity/race.

This is significantly essential for GDPR compliance and I have personally been involved in applying these considerations to some of our ongoing Dynamics 365 projects to ensure our Dynamics 365 solution is in compliance with GDPR in advance. Similarly, all current Dynamics 365 projects and live Dynamics 365 solutions must be updated and modified to ensure compliance with GDPR using these and similar capabilities.

Microsoft confirms they have mandatory processes and encryption restrictions within Dynamics 365 both Online / Cloud and on-premise to comply with GDPR. Some of these include:

Security Development Lifecycle: a mandatory Microsoft process that embeds security requirements into every phase of the development process. Dynamics 365 is built using the Security Development Lifecycle.

Encryption: in transit between your users’ devices and Microsoft data centers, as well as while at rest in a Microsoft database. This helps protect your Dynamics 365 data at all times according to Microsoft. This restriction particularly applies to Dynamics CRM Online / Azure Cloud.

Disclaimer: I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is with no warranty and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion! 🙂

Like this:

If your solution / project is in Europe, built-on Microsoft Dynamics 365 and you are not aware / sure what GDPR is, then you better act fast! You need to get familiar with it very soon.

GDPR stands for General Data Protection Regulation effective from 18th May 2018.

According to Wikipedia, GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.

The primary objectives of the GDPR are to give citizens and residents back control of their personal data and to “simplify” the regulatory environment for international business by unifying the regulation within the EU.

As per the ICO, the UK’s independent body set up to uphold information rights, the GDPR applies to “controllers” and “processors”. The definitions of controllers and processes are broadly the same as those under the Data Protection Act. In short, the controller says how and why personal data is processed and the processor acts on the controller’s behalf.

If you are a processor, the GDPR places specific legal obligations on you.

For example, if you/ your organisation / your solution / your product maintains or stores records of personal data and includes processing activities, you will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR and were not as such in the Data Protection Act (DPA).

If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

Applying this on Microsoft Dynamics 365 solutions, especially Dynamics CRM projects, this is a significant legal obligation. The Majority, if not All, Dynamics CRM projects include the storage, maintenance and processing of personal data and hence, they will most probably fall under GDPR rules.

If you are a Dynamics 365 consultant, developer or working for a Dynamics 365 client or partner implementing Dynamics 365, then you need to be aware and ready for GDPR as it directly affects you and your work.

In my next post on GDPR, I will be covering in more details what obligations you have and how GDPR obligations affect your Dynamics 365 solution/project. So watch this space.

Please comment below if you are interested in this subject and/or if you would like to be informed about the full whitepaper I will be releasing soon about GDPR and Dynamics 365.

Looking forward to read your comments and finding out if you are interested in the whitepaper

Disclaimer: I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is with no warranty and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion! 🙂

Like this:

The newly announced Microsoft Dynamics 365 is certainly a massive and exciting move by Microsoft to gain additional market share of CRM & ERP Business Solutions. Dynamics 365 with its CRM, Ax and Nav components and the ability to integrate them together via Common Data Services (previously known as Common Data Model) is certainly an interesting step forward for everyone in the Dynamics Community. Microsoft Flow, Power Apps and the new Power BI capabilities are all adding to the positive hype but also adds to the pressure on Microsoft Dynamics Implementation partners to keep up to speed with all these new technologies and features.

One big question, my clients are currently asking is whether or not they should consider CRM Online and Ax Online (Dynamics 365), a hybrid of the two or even a hybrid model (CRM Online and CRM on-premise hybrid setup).

In my view, the important observation from the comparison table below is that Microsoft increasing focus on Artificial Intelligent is concentrated on the Cloud with most of these capabilities and features Online only. Other significantly important and rising features such as Microsoft Dynamics Field Services and Microsoft Project Services Automation are all Dynamics 365 Online only. Some excellent new features such as App designer and Sitemap designers are also Dynamics 365 CRM online only.

For any organisation considering or planning to use any of these features, they will certainly need to consider Dynamics 365 cloud (previously known as CRM Online).

Share this:

Like this:

Yesterday I was invited to do a talk at the UK Microsoft Dynamics CRM User Group (CRMUG) in Microsoft offices in Reading, United Kingdom. It was a great opportunity to talk about a subject that is close to my heart which is managing the impact of business change in CRM projects and specifically the #MSDynCRM ones.

I had great interactive audience which meant we all worked together in the session to explore the few points I wanted to discuss. One of these important points in my mind was, how to define a success Dynamics CRM project? Is it No Priority 1 (P1), P2 issues? Is it the fact it is within budget and on time? No scope creep? how about ensuring you are hitting your margin / profit / revenue forecast?

In my view, it’s none of the above. You can deliver a great technological solution with minimal bugs (or even no issues at all!), but the question really is: Has it delivered the expected business benefits? Has it achieved the overall business objective? how is marked against the programme benefit case? Or does the project actually has a benefits case that you are working against aiming to deliver?

In this CRM User group, and with the help with a lively audience, we managed to explore how we can actually define the success of the project by debating all of the above questions. I appreciate there is no right or wrong answer but I guess we reached a consensus on what would make a programme of change a success.

Following that, we started to discuss managing the business transformation and change in your project… but that, is the subject of another blog post.

In the mean time, if you would like a copy of my slides, please feel free to ask via a comment below and I’ll email it to you.